1) CVE-2020-11104 Description: "An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context." Bug: https://github.com/USCiLab/cereal/issues/625 2) CVE-2020-11105 Description: "An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests." Bug: https://github.com/USCiLab/cereal/issues/636
CVE-2020-11105 (https://nvd.nist.gov/vuln/detail/CVE-2020-11105): An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. CVE-2020-11104 (https://nvd.nist.gov/vuln/detail/CVE-2020-11104): An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context.
ping
CVE-2020-11104 upstream issue: - https://github.com/USCiLab/cereal/issues/625 CVE-2020-11105 upstream issue: - https://github.com/USCiLab/cereal/issues/651 - https://github.com/USCiLab/cereal/issues/636
(In reply to Dennis Lamm from comment #3) > CVE-2020-11104 upstream issue: > - https://github.com/USCiLab/cereal/issues/625 > > CVE-2020-11105 upstream issue: > - https://github.com/USCiLab/cereal/issues/651 > - https://github.com/USCiLab/cereal/issues/636 CVE-2020-11105 patch: https://github.com/USCiLab/cereal/commit/f27c12d491955c94583512603bf32c4568f20929
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12c34bc7a5c73936fe87a6f68d450e1c7ec4e359 commit 12c34bc7a5c73936fe87a6f68d450e1c7ec4e359 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-02-21 02:55:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-02-21 02:56:06 +0000 dev-libs/cereal: add 1.3.1 Bug: https://bugs.gentoo.org/715538 Closes: https://bugs.gentoo.org/635322 Closes: https://bugs.gentoo.org/636550 Signed-off-by: Sam James <sam@gentoo.org> dev-libs/cereal/Manifest | 1 + dev-libs/cereal/cereal-1.3.1.ebuild | 42 +++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+)
(Still pending a CVE-2020-11104 fix).